High speed server system

ABSTRACT

A network computer system and method are disclosed that provides access to a large number of concurrent clients without undesirable processor lag and delays. The system prepares client objects in advance of client access requests and can dynamically create new client objects over a distributed system when needed. Buffering is provided to avoid processor interrupts.

REFERENCE TO RELATED APPLICATIONS

[0001] This application claims priority from a Provisional Application Ser. No. 60/287,212, filed Apr. 27, 2001, which is hereby incorporated by reference.

BACKGROUND OF THE INVENTION

[0002] The present invention relates to network-based computing and, more particularly, to a high speed network-based computer system operating over the internet.

[0003] Network-based computer systems have been used for many years by companies in order to connect individual users within a company, often at more than one geographic location, to central processors or servers. The advantages of a network include the ability to consolidate all work on one or more central computers, which provides efficient data backup that is not adversely affected by a hardware failure or “crash” of any individual computer or workstation. The use of network-based software is also an advantage, as users may have access to specialized software for which individual copies for each employee would not be justified. The cost for such software for use on a network may also be less expensive than individual copies, particularly if the number of users permitted to access a given software package at any one time is limited.

[0004] Such networks as previously described have traditionally been limited to companies that install or lease dedicated communications links between the network computers and the individual workstations. Access to the network is limited to employees or third parties who had been specifically installed and properly set up by the network administrator. The number of network users is known and controlled, and the capabilities of the network, e.g., speed and processing ability, are designed knowing those numbers. As new employees or network users are added, the need for additional network capability can be predicted, and the network can be upgraded to accommodate those needs in a planned and organized way.

[0005] The advent of network-based computing over the internet brings the advantages of dedicated networks to individual users or subscribers, giving individuals access to specialized, expensive computer software that could not be justified for individual purchase due to infrequency of use or cost. Convenient and reliable backup of data that is stored on the network is also a desirable benefit.

[0006] The design and administration of such an internet-based network presents problems, however. The numbers of users or network subscribers may vary in large and unpredictable ways, making network upgrades difficult to plan and implement. Large numbers of users who demand network system resources at the same time result in processing delays and unhappy customers.

[0007] Network security is also a concern. It is important to allow only authorized users to have access to the network, and to allow users to have access to only their own data and documents. Providing this security is possible through user authentication and data encryption, but such functions also require the use of network system resources and may also increase processing time, which appears to the user as a slowing of the network operation.

SUMMARY OF THE INVENTION

[0008] It is therefore an object of the present invention to provide a high-speed internet-based network system that rapidly adjusts for changes in the number of concurrent users.

[0009] It is a further object of the invention to provide an internet-based network system that permits rapid encryption and decryption of user data and documents.

[0010] It is a further object of the invention to provide an internet-based network system that is easily scalable and distributable in order to accommodate changes in the number of network subscribers.

[0011] These and other objects will become apparent from the illustrated drawings and the description of the embodiments.

BRIEF DESCRIPTION OF THE DRAWINGS

[0012] FIG. 1 is a block diagram of the network computer system in accordance with the present invention.

[0013] FIG. 2 is a diagram showing the functional layers of the computer system of the present invention.

[0014] FIG. 3 is a flow chart illustrating an aspect of the operation of the network computer system of the present invention.

DESCRIPTION OF THE EMBODIMENTS

[0015] Referring to FIG. 1, there is shown a network computer system 10 that includes a central server 12. Server 12 is of conventional design, but it has been found that a Unisys ES7000 computer provides the desired capabilities needed for efficient operation of the network system. Server 12 is operatively connected with computer 14 a, which forms a connection machine or factory with individual users on the network. Computer 14 incorporates security functionality, including firewall 16 a. Individual users, represented by individual user computers 18 a, 18 b, and 18 c, may connect to computer 14 a through a variety of methods, but the connection is illustratively shown in FIG. 1 and described herein as being via the internet, designated 19 in FIG. 1. The number of individual users on system 10 at any given time may vary considerably, and may increase or decrease quickly. This variability is shown in FIG. 1 as individual user computer 18 n, shown in phantom. System 10 may bring additional connection machines, such as computer 14 b (with firewall 16 b), shown in phantom, online as needed to service individual users, such as user computer 18 n. System 10 therefore provides efficient scalability to add connection computers as needed.

[0016] In accordance with an aspect of the present invention, server 12 is able to prepare for client- or user-requested connections before the user computer actually makes the connection request. This is accomplished by creating, or registering, a sufficient number of client or user connection objects 20 with the operating system of server 12 at the time of startup of server 12. The number of client or user connection objects 20 that are registered is determined based on an estimate of the number of users that are expected to request connection, such that the number of available user objects is equal to or exceeds that number of expected users; however, the number of client or user objects 20 that are registered or prepared is dependent upon the available system resources of server 12. The presence of prepared and registered user connection objects 20 allows system 10 to be immediately responsive to a large number of user connection requests that all arrive at the same time. As users are connected and consume the connection objects 20, more objects are created and registered to make sure sufficient numbers of connection objects are available.

[0017] To improve efficiency of system resources, a user connection is only maintained for the length of time necessary to fulfill the request of the user. For example, if a file is to be transferred, the file length is given at the beginning of the communication session, so that when it is determined that a block of data has been transferred equal to the predetermined file size, the file is deemed to have been transferred, and the connection is consequently severed. By the above-described process of maintaining prepared client or user objects, which permits rapid reconnections with users when further activity is desired, terminating user communications does not adversely affect the network's ability to respond timely to a particular user's requests. Server 12 may also act to disconnect any user if there is no request activity for a predetermined period of time.
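The prepared-object scheme of paragraphs [0016] and [0017], sketched in Python as an added example that is not code from the patent: objects are registered up front to an expected-user target, capped by a resource limit, replenished as they are consumed, and released when the declared file length has arrived or the client goes idle. `ConnectionPool`, `ConnectionObject`, their methods and the injectable clock are all hypothetical names chosen for illustration.

```python
import time
from collections import deque

class ConnectionObject:
    """Hypothetical stand-in for a prepared connection object 20."""
    def __init__(self):
        self.expected = 0          # file length declared at session start
        self.received = 0
        self.last_activity = 0.0

class ConnectionPool:
    def __init__(self, expected_users, resource_limit, idle_timeout, clock=time.monotonic):
        self.target = expected_users          # prepared objects to keep ready
        self.resource_limit = resource_limit  # hard cap: free + active objects
        self.idle_timeout = idle_timeout
        self.clock = clock                    # injectable so tests are deterministic
        self.free, self.active = deque(), {}
        self._replenish()

    def _replenish(self):
        # Register more objects until the target is met or resources run out.
        while (len(self.free) < self.target
               and len(self.free) + len(self.active) < self.resource_limit):
            self.free.append(ConnectionObject())

    def connect(self, client_id, declared_length):
        if not self.free:
            return None   # cap reached: refuse instead of allocating without bound
        conn = self.free.popleft()
        conn.expected, conn.received = declared_length, 0
        conn.last_activity = self.clock()
        self.active[client_id] = conn
        self._replenish()
        return conn

    def on_data(self, client_id, nbytes):
        """Account for received bytes; True means the transfer completed and was severed."""
        conn = self.active[client_id]
        conn.received += nbytes
        conn.last_activity = self.clock()
        if conn.received >= conn.expected:
            self._sever(client_id)
            return True
        return False

    def reap_idle(self):
        """Sever every client with no activity for idle_timeout seconds."""
        now = self.clock()
        stale = [c for c, conn in self.active.items()
                 if now - conn.last_activity >= self.idle_timeout]
        for client_id in stale:
            self._sever(client_id)
        return stale

    def _sever(self, client_id):
        del self.active[client_id]
        self._replenish()
```

The resource cap and the idle reaper are what keep a burst of connection requests, or clients that connect and then stall, from holding every prepared object indefinitely.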

[0018] System 10, which utilizes TCP communications protocols with users, transfers information as packet streams. In this embodiment, information such as data files shares the same packet stream with user requests, so that server 12, via connection computers 14 a and 14 b, can continue a conversation with a client as long as there are client or user requests to process and/or responses to send. The above system also permits dynamic data compression and encryption by way of distributing the creation of compression and encryption objects across as many computers or processors within the network as necessary, so that the operation of the operating system of server 12 is not adversely impacted or slowed. By this process, server 12 may delegate encryption/decryption, compression/decompression, and other functions to other computers or processors, such as computer 22, that are located within system 10 in order to speed processing of user requests and to avoid overloading the processor resources of server 12.

[0019] As illustrated in FIG. 2, network computer system 10 is composed of four functional layers. The first layer 21 is the communications layer that is responsible for the TCP/IP message traffic between network system 10 and the user computers 18 a, 18 b . . . 18 n. This layer 21, also referred to as the stateless request handler, supports multiple TCP servers running concurrently, and is responsible for utilizing additional TCP servers located within the network as necessary during operation to support the users requesting connections with server 12. The communications layer can simultaneously and seamlessly support user communications via HTTP applications. The communications layer also is responsible for detecting and resolving network intrusion and service disruption attacks. It also utilizes asynchronous transaction logging of user attributes, such as user IP addresses for the communications layer, for example. System 10 utilizes a separate thread for this transaction logging function, which runs in parallel with the main executable user-related transactions. The system posts messages to the logging thread which then performs the requested logging function concurrently with other transaction functions.

[0020] The second functional layer 23 is referred to as the encryption and compression layer. Multiple encryption and compression algorithms are supported concurrently, including for example, 56- and 128-bit RSA cryptography. Encryption and compression objects are created and managed dynamically based on the number of connected users to provide fast encryption and compression of data as needed. This layer also utilizes the logging thread previously described to permit asynchronous transaction logging of encryption and compression attributes, such as user-identified encryption algorithms.

[0021] The third functional layer 25 is the broker service or transaction routing layer. This layer is responsible for identifying the type of user transaction being requested, and routing that transaction to the appropriate business objects 27. The business objects 27 relate to the particular type of transaction, such as, for example, file services, email services or services related to the user's personal information manager. In accordance with an aspect of the present invention, the transaction routing layer routes the requested transaction to the appropriate business object, and can accommodate the addition of new business objects which add new or improved services to the network. As an example, a new business object for a new service, e.g., videoconferencing, may be added, without disrupting the operation of the network. The transaction routing layer 25 continues to identify the transaction and routes it to the appropriate business object 27. The transaction routing layer 25 also utilizes the logging thread for asynchronous transaction logging of command types, e.g., whether a file is involved in the transaction request. The logging thread also logs the length of time that occurs for information to pass between functional layers, in order to gauge the efficiency of the network.

[0022] The fourth layer 29 is the data layer. The data layer is responsible for providing data services to fulfill user requests via business objects 27. This layer illustratively uses a Microsoft SQL Server data engine which informs the appropriate functional layer of the requested file location within the network file storage. For example, the file location path is provided to the encryption layer to permit encryption of the file. In the embodiment, a copy of the original file is made and encrypted. Original stored files are not modified. The file location path is then provided to the user who requested it.

[0023] FIG. 3 illustrates the processing steps that occur within the functional layers of network computer system 10. Queuing is used to pass information between layers. As can be seen in FIG. 3, the stateless request handler (SRH) 21, or communications layer, receives a transaction request from a remote user computer 18 a. For purposes of this example, the remote user 18 a has requested a file that has been stored by network computer system 10. SRH 21 passes this request to the compression layer request queue 26 which performs the step 28 of acquiring any necessary decompression and decryption objects. New objects are created if needed. Decryption and decompression of any requests or data is then performed at step 30. In the example being described, the request is decrypted and decompressed if necessary and forwarded to transaction routing layer input queue 32. From queue 32, the request is passed to the broker service or transaction routing layer 25, which identifies the type of transaction requested and transfers that request to the appropriate one of the business objects 27. The designated business object causes the data layer 29 to request any necessary encryption and/or compression objects that are required to encrypt and/or compress the requested file. The file location path is then given to the communications layer, which then locates and transfers the file to the user who requested it.
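The queued hand-off of FIG. 3 together with the logging thread of paragraphs [0019] and [0021], as an added Python example that is not code from the patent: requests pass through queue 26 and queue 32, and each layer posts the time a request spent waiting to a separate logging thread instead of writing logs on the request path. Decryption is omitted and `zlib` stands in for the decompression step; all function names, the sample requests and the rejection of unregistered transaction types are assumptions.

```python
import queue, threading, time, zlib

STOP = None  # sentinel that shuts a stage down

# Constructed sample requests: one routable type, one with no business object.
SAMPLE_REQUESTS = [
    {"id": 1, "type": "file", "body": zlib.compress(b"report.txt")},
    {"id": 2, "type": "video", "body": zlib.compress(b"call-setup")},
]

def logging_thread(log_q, records):
    # Drains posted messages so the layers never block on log I/O.
    while (msg := log_q.get()) is not STOP:
        records.append(msg)

def compression_layer(q26, q32, log_q):
    while (item := q26.get()) is not STOP:
        queued_at, req = item
        log_q.put(("compression", req["id"], time.monotonic() - queued_at))
        req = dict(req, body=zlib.decompress(req["body"]))
        q32.put((time.monotonic(), req))
    q32.put(STOP)

def routing_layer(q32, results, log_q, business_objects):
    while (item := q32.get()) is not STOP:
        queued_at, req = item
        log_q.put(("routing", req["id"], time.monotonic() - queued_at))
        handler = business_objects.get(req["type"])
        # Assumption: a type with no registered business object is refused.
        results[req["id"]] = handler(req["body"]) if handler else "rejected"

def process(requests, business_objects):
    q26, q32, log_q = queue.Queue(), queue.Queue(), queue.Queue()
    records, results = [], {}
    logger = threading.Thread(target=logging_thread, args=(log_q, records))
    layers = [threading.Thread(target=compression_layer, args=(q26, q32, log_q)),
              threading.Thread(target=routing_layer,
                               args=(q32, results, log_q, business_objects))]
    for t in [logger] + layers:
        t.start()
    for req in requests:
        q26.put((time.monotonic(), req))
    q26.put(STOP)
    for t in layers:
        t.join()
    log_q.put(STOP)   # stop the logger only after every layer has posted
    logger.join()
    return results, records
```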

[0024] While the present invention has been illustrated in the drawing and described in detail in the foregoing description, it is understood that such illustration and description are illustrative in nature and are not to be considered restrictive, it being understood that only the preferred embodiments have been shown and described and that all changes and modifications that would be apparent or would occur to one skilled in the art are to be protected.

What is claimed is:
 1. A network computer system comprising: a first server providing access to a plurality of clients; a second server controlled by said first server; a plurality of client objects controlled by said first server and associated with said first and said second servers; and distribution means operatively connecting said first and second servers, said distribution means permitting said first server to control the distribution of said client objects between said first and second servers in response to said access by said clients.
 2. The network computer system described in claim 1, wherein said plurality of client objects is equal to or greater in number than said plurality of clients.
 3. The network computer system described in claim 1, wherein said plurality of clients access said first server via the internet.
 4. The network computer system described in claim 1, further comprising a plurality of encryption objects controlled by said first server and associated with said first and second servers.
 5. The network computer system described in claim 1, further comprising a plurality of compression objects controlled by said first server and associated with said first and second servers.
 6. In a network computer system, a method for providing access to a plurality of clients, comprising the steps of: providing a plurality of client access objects under control of a first server; providing means for distributing said client access objects between said first server and at least a second server in response to the number of said clients attempting to access said first server; providing a communications connection between each of said clients and said client access objects; and severing said communications connection in response to a predetermined period of inactivity of each of said clients.